Judge has assessed an item in Issue #18 as 2 risk. The relevant finding follows:
[L-01] changePayees can result in broken share count
Description
for (uint256 i; i < newPayees.length; i++) {
if (newPayees[i] == address(0)) {
revert Errors.CANNOT_SET_TO_ADDRESS_ZERO();
}
if (newShares[i] == 0) {
revert Errors.SHARE_CANNOT_BE_ZERO();
}
When adding the newPayees to the payees set the contract fails to validate that each address in newPayees is unique. The results is that _totalShares will be incorrect if there is a repeat in newPayees.
Example:
Assume newPayees = [Bob,Bob] and newShares = [5,5]. Since _payees.add(payee) is a non-reverting add, if the address already exists in the set it won't revert. The end result is that _totalShares == 10 but _shares[Bob] == 5. This mismatch causes incorrect distribution of rewards.
Judge has assessed an item in Issue #18 as 2 risk. The relevant finding follows:
[L-01] changePayees can result in broken share count Description for (uint256 i; i < newPayees.length; i++) { if (newPayees[i] == address(0)) { revert Errors.CANNOT_SET_TO_ADDRESS_ZERO(); } if (newShares[i] == 0) { revert Errors.SHARE_CANNOT_BE_ZERO(); }
When adding the newPayees to the payees set the contract fails to validate that each address in newPayees is unique. The results is that _totalShares will be incorrect if there is a repeat in newPayees.
Example: Assume newPayees = [Bob,Bob] and newShares = [5,5]. Since _payees.add(payee) is a non-reverting add, if the address already exists in the set it won't revert. The end result is that _totalShares == 10 but _shares[Bob] == 5. This mismatch causes incorrect distribution of rewards.